FOUR-28723 | Store Logs For Deleting Cases via API

[mcraeteisha]

Issue

Ticket: FOUR-28723

This PR implements security logging for case deletions performed via the API, ensuring that all case deletion activities are traceable and auditable through ProcessMaker's existing security log infrastructure.

Solution

1. Created CaseDeleted Event (ProcessMaker/Events/CaseDeleted.php)
   • New event class that implements SecurityLogEventInterface to enable security logging for case deletions
2. Refactored DeleteCase Action (ProcessMaker/Http/Controllers/Api/Actions/Cases/DeleteCase.php)
   • Refactored to use DeletesCaseRecords trait to reduce class complexity
3. Created DeletesCaseRecords Trait (ProcessMaker/Http/Controllers/Api/Actions/Cases/DeletesCaseRecords.php)
   • New trait containing all case deletion logic methods
4. Added Test Coverage (tests/Feature/Api/SecurityLogsTest.php)
   • Created testCaseDeleted() test to verify that case deletions are properly logged

How To Test

1. Delete a Case via API
2. Log in to ProcessMaker. Go to Admin → Users → Security Logs
3. Verify the CaseDeleted log entry appears in the list
4. Click on the CaseDeleted log entry to view detailed information
   • Verify the following information is displayed accurately:
     • Name: Should display the case title
     • Case Number: Should display the case number
     • Deleted At: Should show the timestamp when the deletion occurred
5. Run the Unit Test:
   tests/Feature/Api/SecurityLogsTest.php --filter=testCaseDeleted

Code Review Checklist

• I have pulled this code locally and tested it on my instance, along with any associated packages.
• This code adheres to ProcessMaker Coding Guidelines.
• This code includes a unit test or an E2E test that tests its functionality, or is covered by an existing test.
• This solution fixes the bug reported in the original ticket.
• This solution does not alter the expected output of a component in a way that would break existing Processes.
• This solution does not implement any breaking changes that would invalidate documentation or cause existing Processes to fail.
• This solution has been tested with enterprise packages that rely on its functionality and does not introduce bugs in those packages.
• This code does not duplicate functionality that already exists in the framework or in ProcessMaker.
• This ticket conforms to the PRD associated with this part of ProcessMaker.

---

Note

Security logging for case deletions

• Introduces CaseDeleted event implementing SecurityLogEventInterface with name, case_number, and deleted_at in data and case_number in changes.
• DeleteCase now uses DeletesCaseRecords trait (extracted all record-deletion helpers) and dispatches CaseDeleted after a successful transaction; adds getCaseTitle to resolve a human-readable title from CaseStarted or the first ProcessRequest.
• Registers CaseDeleted in EventServiceProvider to be handled by SecurityLogger when app.security_log is enabled.
• Adds testCaseDeleted in SecurityLogsTest to verify a CaseDeleted security log is emitted on DELETE /api/cases/{case_number}.

^{Written by Cursor Bugbot for commit 0e8b89f. This will update automatically on new commits. Configure here.}

[cursor]

This PR is being reviewed by Cursor Bugbot

Details

Your team is on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle for each member of your team.

To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.

[processmaker-sonarqube]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube